Requesting certificates with Let’s Encrypt’s official certbot client

Mattias Geniar, Monday, April 22, 2019

There's plenty of guides on this already, but I recently used Let's Encrypt certbot client again manually (instead of through already automated systems) and figured I'd write up the commands for myself. Just in case.

$ git clone /opt/letsencrypt
$ cd /opt/letsencrypt

Now that the client is available on the system, you can request new certificates. If the DNS is already pointing to this server, it's super easy with the webroot validation.

$ /opt/letsencrypt/letsencrypt-auto certonly --expand \
  --email you@domain.tld --agree-tos \
  --webroot -w /var/www/vhosts/yoursite.tld/htdocs/public/ \
  -d yoursite.tld \
  -d www.yoursite.tld

You can add multiple domains with the -d flag and point it to the right document root using the -w flag.

After that, you'll find your certificates in

$ ls -alh /etc/letsencrypt/live/yoursite.tld/*
/etc/letsencrypt/live/yoursite.tld/cert.pem -> ../../archive/yoursite.tld/cert1.pem
/etc/letsencrypt/live/yoursite.tld/chain.pem -> ../../archive/yoursite.tld/chain1.pem
/etc/letsencrypt/live/yoursite.tld/fullchain.pem -> ../../archive/yoursite.tld/fullchain1.pem
/etc/letsencrypt/live/yoursite.tld/privkey.pem -> ../../archive/yoursite.tld/privkey1.pem

You can now use these certs in whichever webserver or application you like.

Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *